You can use Alibaba Cloud Client to view and connect to Elastic Compute Service (ECS) instances, elastic container instances, simple application servers, and instances managed by Alibaba Cloud. This topic describes how to use Alibaba Cloud Client to view, connect to, and manage ECS instances.

Prerequisites

  • One or more accounts are added to Alibaba Cloud Client. For more information, see Add one or more accounts to Alibaba Cloud Client.
  • Session management can be used to connect to ECS instances in a variety of manners, such as over SSH and by using port forwarding. Both Alibaba Cloud accounts and Resource Access Management (RAM) users can use session management, but only Alibaba Cloud accounts have permissions to enable session management.
    • If the session management feature is not enabled, use an Alibaba Cloud account or contact the owner of an Alibaba Cloud account to enable this feature. For more information, see Connect to an instance by using session management.
    • If you want to use the session management feature as a RAM user, make sure that you are authorized to call the StartTerminalSession operation. For more information about sample policies attached to RAM users, see the "Sample policies" section in Sample policies. Make sure that your RAM users are granted secure and controllable permissions. Proceed with caution when you attach policies to RAM users to prevent unauthorized operations caused by improper management of or unintended authorizations to RAM users.
    Note If one or more of the preceding prerequisites are not met, Start Session Manager becomes unavailable in the Actions column on the Instances page of Alibaba Cloud Client.

View ECS instances

  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. On the Instances page, you can view the information of ECS instances, as shown in the following figure.
    Search for instances
    • ①: This section shows the location information of ECS instances. You can click the Arrow icon on the right side of a region to switch to another region.
    • ②: This section shows the list of ECS instances.
    • ③: This section shows the pagination toolbar. You can navigate through pages in the pagination toolbar.
    • ④: This section shows the instance search box.
      • You can search for an ECS instance by instance ID, public IP address, private IP address, or instance name.
      • Enter a keyword in the search box and press the Enter key to search for instances in the current region.
      • You can enter an instance name for fuzzy search.
    • ⑤: This section shows the Actions column.
      • Actions to connect to instances
      • Actions to start, stop, and release instances
      • Actions to configure release protection settings (only for pay-as-you-go instances)
      • Actions to view more instance details

Connect to an ECS instance

Connect to an ECS instance over SSH

  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. In the upper-left corner of the ECS Instance page, select the region of the instance to which you want to connect.
  3. Find the instance to which you want to connect and choose Actions > Start SSH in the Actions column.
  4. Specify Username. Default value: root. You can specify a username based on your business requirements. Specify Port Num. Default value: 22. You can specify a port number based on your business requirements. Set Certifier.
    Valid values of Certifier:
    • Password: Enter the password of the ECS instance.
      Note In Alibaba Cloud Client, you can click the Settings icon in the upper-right corner. On the Settings page, click SSH in the left-navigation pane. Then, set the Save Password to parameter. To save the instance password to the /.aliyun/secrets.json file on your computer, set the parameter to Local File. To save the instance password to Key Management Service (KMS), set the parameter to KMS. For more information, see Configure system settings.
    • Identity: Select an SSH private key file from the ~/.ssh/ directory or another directory on your computer.
    • Temp KeyPair: A temporary key pair is generated and sent to the instance. The key pair is valid within 1 minute. This method eliminates the need to manage passwords and key files.
  5. Click Connect.

Connect to an instance by using session management

You can use the session management feature on Alibaba Cloud Client to connect to instances without the need to specify passwords or public IP addresses, or enable SSH or Remote Desktop Protocol (RDP) ports. Session management provides high security and ease of use. For information about how session management works, see How session management works.

  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. In the upper-left corner of the ECS Instance page, select the region of the instance to which you want to connect.
  3. Find the instance to which you want to connect and choose Actions > Start Session Manager in the Actions column.
    By default, the ecs-assist-user username is used to connect to the instance.

Connect to an instance over SSH by using session management

You can connect to instances over SSH by using session management on Alibaba Cloud Client. When you use session management to connect to an instance, the logon username is ecs-assist-user by default. When you use session management to connect to an instance over SSH, you can specify a username to log on to the instance, which is more flexible in some scenarios.

  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. In the upper-left corner of the ECS Instance page, select the region of the instance to which you want to connect.
  3. Find the instance to which you want to connect and choose Actions > Start SSH (via Session Manager) in the Actions column.
  4. Specify Username. Default value: root. You can specify a username based on your business requirements. Specify Port Num. Default value: 22. You can specify a port number based on your business requirements. Set Certifier.
    Valid values of Certifier:
    • Password: Enter the password of the ECS instance.
      Note In Alibaba Cloud Client, you can click the Settings icon in the upper-right corner. On the Settings page, click SSH in the left-navigation pane. Then, set the Save Password to parameter. To save the instance password to the /.aliyun/secrets.json file on your computer, set the parameter to Local File. To save the instance password to Key Management Service (KMS), set the parameter to KMS. For more information, see Configure system settings.
    • Identity: Select an SSH private key file from the ~/.ssh/ directory or another directory on your computer.
    • Temp KeyPair: A temporary key pair is generated and sent to the instance. The key pair is valid within 1 minute. This method eliminates the need to manage passwords and key files.
    We recommend that you select Temp KeyPair to connect to instances without the need to specify passwords or public IP addresses. You can use RAM to control the connection permissions.

Connect to an instance by using the port forwarding feature provided by session management

You can use the port forwarding feature provided by session management to forward network traffic from a port on your computer to an instance without the need to specify the public IP address of the instance. This way, you can access the services that are running on the instance in a secure and convenient manner.
Note Assume that the MySQL service is running on port 3306 on your instance. Your computer on which Alibaba Cloud Client is installed runs a Linux operating system. You can use the port forwarding feature to access the MySQL service on the instance from port 13306 on your computer.
The port forwarding feature has the following benefits:
  • The operations on Alibaba Cloud Client can be audited and are secure and controllable.
  • RAM can be used to control the connection permissions.
  • The port forwarding feature can be used to access port 22 on instances to allow specified users to connect to the instances over SSH.
  • The port forwarding feature can be used to access HTTP ports and web applications on instances without the need to specify the public IP addresses of the instances.
  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. In the upper-left corner of the ECS Instance page, select the region of the instance to which you want to connect.
  3. Find the instance to which you want to connect and choose Actions > Port Forward (via Session Manager) in the Actions column.
  4. Specify Remote Port. The port is used to access services on the instance. Specify Local Port. The port is listened on your computer. Turn on or off Print Request and Print Response. Enable or disable Open http://localhost:8080/ after started.
  5. Click Start.

Manage ECS instances

Start an instance

  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. In the upper-left corner of the ECS Instance page, select the region of the instance to which you want to connect.
  3. Find the instance that you want to start and choose Actions > Start Instance in the Actions column.
  4. In the message that appears, check instance information and click Start Instance.

Stop an instance

  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. In the upper-left corner of the ECS Instance page, select the region of the instance to which you want to connect.
  3. Find the instance that you want to stop and choose Actions > Stop Instance in the Actions column.
  4. In the message that appears, check instance information and click Stop Instance.

Restart an instance

  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. In the upper-left corner of the ECS Instance page, select the region of the instance to which you want to connect.
  3. Find the instance that you want to restart and choose Actions > Reboot Instance in the Actions column.
  4. In the message that appears, check instance information and click Reboot Instance.

Release an instance

  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. In the upper-left corner of the ECS Instance page, select the region of the instance to which you want to connect.
  3. Find the instance that you want to release and choose Actions > Delete Instance in the Actions column.
  4. In the message that appears, check instance information and click Delete Instance.

Enable release protection for an instance

You can enable the release protection feature for your pay-as-you-go instances that run critical workloads. This feature prevents your pay-as-you-go instances instance from being manually released due to accidental operations. For more information about instance release protection, see Enable or disable release protection for ECS instances.
Note This feature is available for only pay-as-you-go instances.
  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. In the upper-left corner of the ECS Instance page, select the region of the instance to which you want to connect.
  3. Find the instance for which you want to enable release protection and choose Actions > Set Deletion Protection in the Actions column.
  4. In the message that appears, check instance information and click Set Deletion Protection.

View instance attributes

  1. On the homepage of Alibaba Cloud Client, click ECS.
  2. In the upper-left corner of the ECS Instance page, select the region of the instance to which you want to connect.
  3. Find the instance whose attributes you want to view and choose Actions > Show Properties in the Actions column.
    You can view the attributes of the instance, including the instance name, hostname, instance type, operating system, and Cloud Assistant state.